US20040128561A1 - Method to provide an authentication for a user - Google Patents

Method to provide an authentication for a user

Info

Publication number
US20040128561A1
Authority
US
United States
Prior art keywords
user
xid
session
authentication
credential
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US10/733,638
Other languages
English (en)
Inventor
Christele Bouchat
Sven Ooghe
Erwin Six
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Alcatel Lucent SAS
Original Assignee
Alcatel SA
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Alcatel SA
Assigned to ALCATEL reassignment ALCATEL ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: BOUCHAT, CHRISTELE, OOGHE, SVEN MAURICE JOSEPH, SIX, ERWIN ALFONS CONSTANT
Publication of US20040128561A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823 Network architectures or network communication protocols for network security for authentication of entities using certificates
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/12 Applying verification of the received information
    • H04L63/126 Applying verification of the received information the source of the received data
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/14 Session management
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords

Definitions

  • the present invention relates to a method to provide an authentication for a user in a telecommunication network during session establishment according to a protocol between a user equipment and an authentication device according to the preamble of claim 1 , and to a user equipment and to an authentication device according to, respectively, the preamble of claim 7 and claim 8 , and to a telecommunication network according to the preamble of claim 10 .
  • the Password Authentication Protocol works with a request message being sent by a user to an authenticator.
  • This request message comprises a user identification that uniquely identifies the user and a user-password that is associated to the user.
  • the authenticator verifies the received user-password against a verification user-password that is associated, according to its available information, to the received user identification. In the event that a match is found between the received user-password and the verification password, an acknowledgment is sent to the user.
  • the PAP protocol is an easy but not secure protocol because the user-password of the user can be read inside the request message. However, for a point-to-point protocol, this is no major problem.
  • a user sends a request-message to the authenticator.
  • This request-message comprises a user-identification of the user.
  • the authenticator sends back a random string, called a ‘Challenge’ whereby the user, upon reception of this Challenge string, transforms the string.
  • the user equipment transforms the Challenge string via a one-way function to a new transformed string by using his user-password as a key.
  • This transformed string is sent back to the authenticator.
  • the authenticator performs the same operation with the first challenge string and a user password according to his own information e.g. a user password that is present in his database.
  • This string can be called verification string.
  • the authenticator verifies whether his solution i.e. the verification string is the same as transformed string and acknowledges the user.
  • The known Dynamic Host Configuration Protocol (DHCP) is used between a user equipment and a DHCP server, i.e. in private domains, and was initially developed by the IETF mainly for inter-domain identification by means of e.g. inclusion of the hardware address of the user equipment, i.e. the client, in a client identification field of a DHCP message.
  • the DHCP protocol will be used between a user-equipment and a DHCP server, which can be located inside an Access Multiplexer, a Broadband Access Server or an Edge Router.
  • Network services offered via this access network mainly need user identification instead of equipment identification; therefore the protocols used require a user-based authentication.
  • DHCP is a broadcasting protocol environment
  • PAP implementation would not be secure since the password and username would be sent over the network in an unencrypted form.
  • the actual standard of DHCP protocol does not include extra messages such as ‘forwarding a string challenge’ which is required to implement the CHAP protocol. Indeed, one would need to change the message exchange mechanism of DHCP completely. Indeed, between the moment that a user, called client in the DHCP documents, would send a DHCP-Discover broadcast message to the authenticator and the moment that the authenticator has to give to the user an offer message, there are no DHCP messages available to be used. This means that the CHAP protocol sequence doesn't fit in DHCP protocol. Within DHCP, there is no mechanism to allow a secure user-based authentication.
  • a possible solution would be to add an authentication phase by performing authentication after the IP connection has been established when using the DHCP protocol.
  • web-based authentication can be used, by means of the Hypertext Transfer Protocol (HTTP).
  • such a solution requires that the user already has an IP address before making the authentication.
  • An object of the present invention is to provide a method that provides an authentication for a user in a telecommunication network during session establishment between a user equipment and an authentication device, according to the above known methods but which is suited to be used in public domain environments and which is simple to be implemented in existing session establishment protocols with a broadcasting character.
  • this object is achieved with the method to provide an authentication for a user in a telecommunication network during session establishment according to a protocol between a user equipment and an authentication device according to claim 1 , and with the user equipment and the authentication device which are implementing such a method, according to, respectively, claim 7 and claim 8 , and with the telecommunication network that comprises such user equipment and such authentication device, according to claim 10 .
  • the present method to provide an authentication for a user in a telecommunication network during session establishment according to a protocol between a user equipment and an authentication device therefore comprises the steps of:
  • upon reception by the authentication device of the session message, generating by a third generator a verification credential based upon the received session parameter of the session message and a user password that is associated, according to the information of the authentication device, to the received user identification of the session message;
  • a session parameter such as the Session identification of the connection being set-up e.g. a random session number, which is usually forwarded in the known messages anyway;
  • the method differs from the CHAP protocol by the fact that the user equipment chooses the challenge random string such as the session parameter by itself.
  • the authenticator verifies whether the credential of the user matches with its own verification credential by generating its own verification credential based on the available password according to his information and the received session parameter.
  • This method and related devices are suited for user authentication when using a broadcasting protocol such as the DHCP protocol. It gives the ability of having a better security than the use of plain text usernames and user passwords, without having to introduce new session establishment protocol messages.
  • the method further comprises also determining according to predefined rules and conditions an acceptance of the received session parameter. Indeed, when on top of the verification of the credential, the authenticator also verifies whether the session parameter is an acceptable one according to predefined rules and conditions, potential hackers will be easily disappointed.
  • An example of the predefined rules and conditions is e.g. for a session parameter being a session identifier that should increment with start up of every new session, verifying whether the session parameter is not reused frequently and whether the session parameter is indeed incremented every time. This is described in claim 2 .
  • a very suitable message of the known DHCP protocol for providing the three items, i.e. the user identification that uniquely identifies the user, the session parameter and the generated credential, is e.g. the Discover message of the DHCP protocol.
  • a typical DHCP message contains a fixed field and an option-field.
  • each DHCP message comprises an options field.
  • Some predefined options inside this option-field are described more in detail in RFC 2132.
  • some predefined options, as an example option number 61, of this option-field have a predefined content-field that can be implemented freely according to the operator's request.
  • the i1 . . . in field could also be implemented by a user-identification of the user itself. It has to be understood that this example is only one possible implementation of the present invention.
  • the aim is that the DHCP-standard comprises different potential fields for the inclusion of the above-mentioned three items.
  • a possible implementation of the session parameter is by means of a session identifier that uniquely identifies the session, which is actually being established. This is described in claim 6 . Indeed, as it is described in RFC 2131 in paragraph 2, field number (4) is defined as a Transaction Identifier.
  • This transaction identifier XID, also called the session identifier, is usually a random number chosen by the client, i.e. the user equipment, and used by the client and the server, i.e. the authenticator, in order to associate messages and responses between a client and a server.
  • this session identification as a number that increments with every start of a new session establishment
  • the authentication device is enabled to follow the expected value for the session parameter and to control it accordingly before accepting it. Since this session parameter is forwarded anyway from the user equipment to the authentication device, according to such an implementation, no extra field has to be foreseen in the used session message. Furthermore, since the session identification according to the known standard is defined as 32-bit long, this makes it difficult to break.
  • the authentication device according to the present invention can at least partly be included in a network access provider in a public domain environment. This is described in claim 6 .
  • the functional blocks with the associated functionality can be included as a whole in one and the same network device but can as well be distributed over different network domains such as the Network Access Provider or the Network Service Provider.
  • the present network access provider via which the user equipment gets access to the public domain internet
  • part of the authentication device can at the same time be integrated in a Network Service Provider e.g. at a Remote Authentication Protocol Server. This will be explained in more details in a later paragraph.
  • a device A coupled to a device B should not be limited to devices or systems wherein an output of device A is directly connected to an input of device B. It means that there exists a path between an output of A and an input of B which may be a path including other devices or means.
  • FIG. 1 represents a telecommunication network that comprises a user equipment and authentication device according to the present invention.
  • FIG. 2 represents a user-equipment and an authentication device with its interactions according to the present invention and its associated functional blocks.
  • The working of the devices according to the present invention in accordance with its telecommunication environment that is shown in FIG. 1 and FIG. 2 will be explained by means of a functional description of the different blocks shown therein. Based on this description, the practical implementation of the blocks will be obvious to a person skilled in the art and will therefore not be described in detail. In addition, the principle working of the method to provide an authentication for a user will be described in further detail.
  • the telecommunication network comprises an access network AN, two Service Provider Networks NSP 1 and NSP 2 and a Regional Broadband Network RBN.
  • the access network AN comprises a user equipment EQUIP of a user and an access multiplexer AMUX at the edge between the access network AN and the Regional Broadband Network RBN.
  • the Regional Broadband Network RBN further comprises a Network Access Provider NAP and two edge routers ER 1 and ER 2 at the edge with, respectively, the first network service provider NSP 1 and the second network service provider NSP 2 .
  • the first network service provider NSP 1 further comprises a Remote Authentication Protocol Server RAP-S.
  • the User Equipment EQUIP is coupled via the Access Multiplexer AMUX to the Network Access Provider NAP. Between the user equipment EQUIP and the Network Access Provider NAP a Dynamic Host configuration Protocol DHCP is enabled.
  • the Network Access Provider NAP is coupled via the first Edge Router ER 1 to the Remote Authentication Protocol Server RAP-S. Between the Network Access Provider NAP and the Remote Authentication Protocol Server a Remote Authentication Protocol RAP is enabled.
  • the functional blocks of the authentication device AUTH are distributed over the Remote Authentication Protocol Server RAP-S and the Network Access Provider NAP.
  • the Network Access provider NAP comprises a first part of the authentication device, called AUTH′ and the Remote Authentication Protocol server comprises a second part of the authentication device, called AUTH′′.
  • the two parts of the authentication device AUTH (See FIG. 1) are providing, according to the method of the invention, an authentication for User 2 , named in the Figures U 2 which is located at the user equipment EQUIP.
  • the User U 2 desires to start establishment of a session. Presume that this will be the first session for user U 2 .
  • the desired session establishment will be set up according to the DHCP protocol.
  • User U 2 is located at the User Equipment EQUIP and provides at the right time its username and password.
  • the User Equipment EQUIP comprises a first generator GEN 1 and a second generator GEN 2 . Both generators are coupled to an output of the user Equipment EQUIP for the interaction with the user U 2 , to a second memory MEM 2 and to each other.
  • the second generator GEN 2 is also coupled to an output of the user equipment EQUIP for the interaction with the network i.e. coupled via the Access Multiplexer of FIG. 2 to the authentication device AUTH.
  • the authentication device AUTH comprises the two above-mentioned parts i.e. AUTH′ and AUTH′′.
  • the first part of the authentication device AUTH′ comprises an acceptor ACC that is coupled via an input/output of the first part of the authentication device AUTH′ to the second generator GEN 2 of the user equipment EQUIP and via an input/output of the first part of the authentication device AUTH′ towards the second part of the authentication device AUTH′′.
  • the second part of the authentication device AUTH′′ comprises an input/output that is coupled to a first memory MEM 1 , a third generator GEN 3 and a verifier VER.
  • the first memory MEM 1 is also coupled to the third generator GEN 3 that on its turn is also coupled to the verifier VER.
  • the user equipment EQUIP comprises the first generator GEN 1 to generate a credential C(P-U 2 ; XID 21 ) based upon a user password P-U 2 being associated to the user U 2 and a session parameter XID 21 being determined by the user equipment EQUIP for this session which is actually being established.
  • the generated credential referred to as C(P-U 2 ; XID 21 ), is chosen for this particular embodiment as a one-way-function. This one-way-function is based on the user password P-U 2 and on the session parameter XID 21 .
  • the user password P-U 2 is provided by the user U 2 to his user equipment at the time of starting up its session. This user password is a password of the user U 2 that has been predefined and that is known by the user U 2 .
  • the symbol XID 21 is used to show that the session parameter is associated to a user U 2 (second user) who is setting up its first session.
  • the session parameter XID 21 is chosen to be the session identification according to the DHCP RFC 2131. It has to be understood that a predefined method with predefined rules and conditions is used to determine this session identification XID 21 . Presume that the value of the session parameter is determined by the user equipment EQUIP as an increment by one of the previous value of a previous session of user U 2 . This means that the actual value of the session parameter XID 21 should always be kept at the user equipment. This is shown in FIG. 1 by means of the second memory MEM 2 . The functional blocks to look up the previous value of a session parameter and to calculate the new value are not described here in detail. The aim is that this new value is determined and is stored in the second memory MEM 2 . This new value is looked up in the second memory means by the first generator by means of the user identification USER 2 that is associated to the session parameter XID 21 .
  • This user identification USER 2 is provided by the user U 2 to the user equipment EQUIP.
  • the user identification is here implemented by a “username@servicename” and identifies uniquely the user U 2 .
  • When the first generator GEN 1 retrieved the right session parameter XID 21 and received the user password P-U 2 of user U 2 , the first generator is enabled to generate the required credential C(P-U 2 ; XID 21 ).
  • the generated credential C(P-U 2 ; XID 21 ) is provided by the first generator GEN 1 to the second generator GEN 2 .
  • the second generator GEN 2 is enabled to comprise in a session message DISCOVER(USER 2 ; XID 21 ; C(P-U 2 ; XID 21 )) of the DHCP protocol a user identification USER 2 uniquely identifying the user U 2 , the session parameter XID 21 and the generated credential C(P-U 2 ; XID 21 ) and to forward this session message DISCOVER(USER 2 ; XID 21 ; C(P-U 2 ; XID 21 )) to the first part of the authentication device AUTH′.
  • the user parameter USER 2 is provided by the user U 2 to the user equipment EQUIP, as described above.
  • the session parameter XID 21 is retrieved by the second generator GEN 2 , again according to the association with the user identification USER 2 , and is provided by the second memory MEM 2 to this second generator GEN 2 .
  • the second generator GEN 2 received all information that needs to be included in a session message.
  • the authentication information is included in the option-field of this DISCOVER message.
  • the authentication information is the user identification USER 2 , the session parameter XID 21 and the generated credential C(P-U 2 ; XID 21 ).
  • the session identification XID is already a predefined part of the fixed field in the Discover message, whereby it doesn't need to be repeated at another place in the message (neither in the fixed field nor in the option-field of the message).
  • the session parameter can be included in the fixed field of the DHCP message whereby the user identification is comprised at a first place of a first option of the option-field and the credential is included at a second place of a second option of the option-field.
  • the second generator GEN 2 generates this DISCOVER message and includes the authentication information in the option field of it.
  • the generated DISCOVER message is distributed via the access multiplexer AMUX into the Regional Broadband Network towards, among potential others, the first part of the authentication device AUTH′.
  • the session parameter XID 21 is extracted from the message and provided to the acceptor ACC.
  • the acceptor determines according to predefined rules and conditions an acceptance of this received session parameter XID 21 .
  • the acceptor first determines an expected session parameter. This expected parameter is determined according to related predefined rules and conditions as were used by the user equipment EQUIP.
  • the acceptor has therefore stored a previous value for a previous session of this user U 2 .
  • the acceptor extracts from the DISCOVER message the user identification USER 2 and determines herewith and according to the previously stored information the last used session parameter XID for user U 2 .
  • the expected session parameter is determined by the acceptor according to the predefined rules and conditions i.e. incrementing with one.
  • the value of the received session parameter XID 21 and the value of the expected session parameter are compared with each other whereby the acceptor provides an acceptance of the actual used session parameter XID 21 in the event when these values are lining up with each other.
  • An extra security degree is established with this extra step of verifying the acceptance of the session parameter XID 21 .
  • the acceptor determines one expected value for the session parameter
  • the acceptor may as well compare the received session parameter with an expected set of session parameters.
  • An example hereby is that the received session parameter needs to be included in the range between the previous received session parameter plus 10.
  • the first part of the authentication device AUTH′ is permitted to further forward the authentication information to the second part of the authentication device AUTH′′.
  • the protocol between the first part of the authentication device AUTH′ and the second part of the authentication device AUTH′′ is a Remote Authentication Protocol. It has to be understood that this protocol needs to possess its own secure way to transmit the authentication information.
  • the first part of the authentication device AUTH′ comprises the authentication information in one of its messages and transmits it to the second part of the authentication device AUTH′′.
  • the second part of the authentication device AUTH′′ extracts the authentication information i.e. the user identification USER 2 , the session parameter XID 21 and the credential C(P-U 2 ; XID 21 ) from the received message.
  • the third generator GEN 3 is comprised in the second part of the authentication device AUTH′′ to generate a verification credential VC(P-U 2 ; XID 21 ) based upon the received session parameter XID 21 and based upon a user password P-U 2 that is associated to the received user identification USER 2 , and to provide the verification credential (VC(P-U 2 ; XID 21 )) to a verifier (VER).
  • the third generator GEN 3 uses the extracted session parameter XID 21 and the extracted user parameter USER 2 .
  • the user parameter USER 2 is used to retrieve from the first memory MEM 1 the associated user password P-U 2 . This user password was previously provided and stored by the operator to the second part of the authentication device AUTH′′.
  • With the session parameter XID 21 and the retrieved user password P-U 2 the third generator GEN 3 generates its verification credential VC(P-U 2 ; XID 21 ) and provides this to the verifier VER.
  • the verifier VER is included in the second part of the authentication device to verify the verification credential VC(P-U 2 ; XID 21 ) against the received credential C(P-U 2 ; XID 21 ) and to provide thereby the authentication for the user U 2 .
  • the verifier VER uses the extracted credential C(P-U 2 ; XID 21 ) and the generated verification credential VC(P-U 2 ; XID 21 ). In the event that a match is found between both values, the verifier VER generates a confirmation of the authentication that is transmitted by the second part of the authentication device AUTH′′ to the first part of the authentication device AUTH′ (not shown). The first part of the authentication device AUTH′′ confirms this confirmation of the authentication towards the user U 2 by means of a DHCP message e.g. the DHCP Offer message that is transmitted to the user equipment EQUIP.
  • the method to provide an authentication for user U 2 during session establishment according to the DHCP protocol between the user equipment EQUIP and the authentication device AUTH comprises the following principal steps:
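
An added illustration of the exchange described in this section, modelled end to end; it is not code from the patent or its assignee. HMAC-SHA256 as the one-way function, the `Discover` record, the class names, the `window` parameter and the sample user and password are assumptions, since the text names no algorithm or encoding. Committing the acceptor state only after the credential verifies is a choice of this sketch.

```python
import hashlib
import hmac
from dataclasses import dataclass

XID_MODULUS = 2 ** 32  # the RFC 2131 transaction identifier is 32 bits wide


def credential(password: str, xid: int) -> bytes:
    """C(P; XID). HMAC-SHA256 is an assumption; the text only asks for a one-way function."""
    return hmac.new(password.encode(), xid.to_bytes(4, "big"), hashlib.sha256).digest()


@dataclass(frozen=True)
class Discover:
    """Hypothetical model of the DISCOVER(USER; XID; C) session message."""
    xid: int        # session parameter, carried in the fixed field
    user_id: str    # user identification, carried in one option
    cred: bytes     # credential, carried in a second option


class UserEquipment:
    def __init__(self):
        self.mem2 = {}  # MEM2: last session parameter used per user identification

    def discover(self, user_id: str, password: str) -> Discover:
        xid = (self.mem2.get(user_id, 0) + 1) % XID_MODULUS  # increment by one
        self.mem2[user_id] = xid
        return Discover(xid, user_id, credential(password, xid))  # GEN1, then GEN2


class Authenticator:
    """AUTH' (acceptor ACC) and AUTH'' (MEM1, GEN3, VER) folded into one object."""

    def __init__(self, passwords, window=1, last_xid=None):
        self.mem1 = dict(passwords)            # MEM1: user identification -> password
        self.last_xid = dict(last_xid or {})   # acceptor state: last accepted XID
        self.window = window                   # 1 means exactly "previous + 1"

    def handle(self, msg: Discover) -> str:
        if msg.user_id not in self.mem1:
            return "reject: unknown user"
        # Acceptor: distance from the last accepted XID, with 32-bit wrap-around.
        ahead = (msg.xid - self.last_xid.get(msg.user_id, 0)) % XID_MODULUS
        if not 1 <= ahead <= self.window:
            return "reject: session parameter"
        # GEN3 recomputes the verification credential; VER compares in constant time.
        vc = credential(self.mem1[msg.user_id], msg.xid)
        if not hmac.compare_digest(vc, msg.cred):
            return "reject: credential"
        self.last_xid[msg.user_id] = msg.xid   # commit only after verification
        return "offer"


def run_demo() -> dict:
    # Constructed sample identity and password.
    user, password = "user2@nsp1.example", "constructed-password"
    ue = UserEquipment()
    strict = Authenticator({user: password})
    out = {}

    first = ue.discover(user, password)                  # XID 1
    out["first"] = strict.handle(first)
    out["replay"] = strict.handle(first)                 # same broadcast seen again

    forged = Discover(2, user, credential("wrong-guess", 2))
    out["forged"] = strict.handle(forged)                # right XID, wrong password
    out["second"] = strict.handle(ue.discover(user, password))  # XID 2 still usable

    ue.discover(user, password)                          # XID 3 never reaches the server
    fourth = ue.discover(user, password)                 # XID 4
    out["gap_strict"] = strict.handle(fourth)
    lenient = Authenticator({user: password}, window=10, last_xid={user: 2})
    out["gap_window"] = lenient.handle(fourth)           # range variant from the text
    return out


if __name__ == "__main__":
    for step, result in run_demo().items():
        print(f"{step:11s} {result}")
```

With `window=1` a single lost DISCOVER leaves the user equipment and the acceptor out of step, which is the case the range variant in the text addresses.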

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)
  • Telephonic Communication Services (AREA)
  • Control Of Vending Devices And Auxiliary Devices For Vending Devices (AREA)
  • Collating Specific Patterns (AREA)
US10/733,638 2002-12-20 2003-12-12 Method to provide an authentication for a user Abandoned US20040128561A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
EP02293184.4 2002-12-20
EP02293184A EP1434404B1 (de) 2002-12-20 2002-12-20 Verfahren und Vorrichtung zur Authentifizierung eines Benutzers

Publications (1)

Publication Number Publication Date
US20040128561A1 (en) 2004-07-01

Family

ID=32405800

Family Applications (1)

Application Number Title Priority Date Filing Date
US10/733,638 Abandoned US20040128561A1 (en) 2002-12-20 2003-12-12 Method to provide an authentication for a user

Country Status (4)

Country Link
US (1) US20040128561A1 (de)
EP (1) EP1434404B1 (de)
AT (1) ATE291321T1 (de)
DE (1) DE60203312T2 (de)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050099981A1 (en) * 2003-09-26 2005-05-12 Welmin Liu HRPD network access authentication method based on CAVE algorithm
US10158489B2 (en) 2015-10-23 2018-12-18 Oracle International Corporation Password-less authentication for access management
US10164971B2 (en) 2015-10-22 2018-12-25 Oracle International Corporation End user initiated access server authenticity check
US10225283B2 (en) 2015-10-22 2019-03-05 Oracle International Corporation Protection against end user account locking denial of service (DOS)
US10250594B2 (en) * 2015-03-27 2019-04-02 Oracle International Corporation Declarative techniques for transaction-specific authentication
US10257205B2 (en) 2015-10-22 2019-04-09 Oracle International Corporation Techniques for authentication level step-down
US11341796B1 (en) 2021-01-04 2022-05-24 Bank Of America Corporation System for secure access and initiation using a remote terminal

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101032148B (zh) * 2004-07-30 2013-10-23 高通股份有限公司 用于网络接入的通信会话的设备及方法
US9032065B2 (en) 2004-07-30 2015-05-12 Qualcomm Incorporated Fast link establishment for network access
JP2006086907A (ja) * 2004-09-17 2006-03-30 Fujitsu Ltd 設定情報配布装置、方法、プログラム、媒体、及び設定情報受信プログラム
CN101057459B (zh) * 2004-09-28 2014-07-30 高通股份有限公司 对具有不同链路建立协议的网络的越区切换支持
US8233416B2 (en) 2004-09-28 2012-07-31 Qualcomm Incorporated Handoff supports for networks having different link establishment protocols
US7558866B2 (en) * 2004-12-08 2009-07-07 Microsoft Corporation Method and system for securely provisioning a client device
US8661252B2 (en) 2008-06-20 2014-02-25 Microsoft Corporation Secure network address provisioning

Citations (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6161185A (en) * 1998-03-06 2000-12-12 Mci Communications Corporation Personal authentication system and method for multiple computer platform
US6230269B1 (en) * 1998-03-04 2001-05-08 Microsoft Corporation Distributed authentication system and method
US20010047484A1 (en) * 2000-03-07 2001-11-29 Alexander Medvinsky Authenticated dynamic address assignment
US6393484B1 (en) * 1999-04-12 2002-05-21 International Business Machines Corp. System and method for controlled access to shared-medium public and semi-public internet protocol (IP) networks
US20020076054A1 (en) * 2000-12-14 2002-06-20 The Furukawa Electric Co., Ltd. Session shared key sharing method, wireless terminal authentication method, wireless terminal, and base station device
US20030055990A1 (en) * 2001-08-23 2003-03-20 Hughes Electronics Corporation, Single-modem multi-user virtual private network
US20030061509A1 (en) * 2001-09-27 2003-03-27 Fisher Lee Adam Token-based authentication for network connection
US20030091013A1 (en) * 2001-11-07 2003-05-15 Samsung Electronics Co., Ltd. Authentication method between mobile node and home agent in a wireless communication system
US20030204744A1 (en) * 2002-04-26 2003-10-30 Robert-Claude Maltais Network access control
US6742126B1 (en) * 1999-10-07 2004-05-25 Cisco Technology, Inc. Method and apparatus for identifying a data communications session
US7036143B1 (en) * 2001-09-19 2006-04-25 Cisco Technology, Inc. Methods and apparatus for virtual private network based mobility
US7096490B2 (en) * 2002-03-20 2006-08-22 Actiontec Electronics, Inc. Information routing device having an auto-configuration feature
US7114070B1 (en) * 2001-01-26 2006-09-26 3Com Corporation System and method for automatic digital certificate installation on a network device in a data-over-cable system

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6668322B1 (en) * 1999-08-05 2003-12-23 Sun Microsystems, Inc. Access management system and method employing secure credentials

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050099981A1 (en) * 2003-09-26 2005-05-12 Welmin Liu HRPD network access authentication method based on CAVE algorithm
US20090190562A1 (en) * 2003-09-26 2009-07-30 Samsung Electronics Co., Ltd. Hrpd network access authentication method based on cave algorithm
US7630345B2 (en) * 2003-09-26 2009-12-08 Samsung Electronics Co., Ltd HRPD network access authentication method based on CAVE algorithm
US7990930B2 (en) 2003-09-26 2011-08-02 Samsung Electronics Co., Ltd. HRPD network access authentication method based on cave algorithm
US10834075B2 (en) 2015-03-27 2020-11-10 Oracle International Corporation Declarative techniques for transaction-specific authentication
US10250594B2 (en) * 2015-03-27 2019-04-02 Oracle International Corporation Declarative techniques for transaction-specific authentication
US10225283B2 (en) 2015-10-22 2019-03-05 Oracle International Corporation Protection against end user account locking denial of service (DOS)
US10164971B2 (en) 2015-10-22 2018-12-25 Oracle International Corporation End user initiated access server authenticity check
US10257205B2 (en) 2015-10-22 2019-04-09 Oracle International Corporation Techniques for authentication level step-down
US10666643B2 (en) 2015-10-22 2020-05-26 Oracle International Corporation End user initiated access server authenticity check
US10735196B2 (en) 2015-10-23 2020-08-04 Oracle International Corporation Password-less authentication for access management
US10158489B2 (en) 2015-10-23 2018-12-18 Oracle International Corporation Password-less authentication for access management
US11341796B1 (en) 2021-01-04 2022-05-24 Bank Of America Corporation System for secure access and initiation using a remote terminal
US11967192B2 (en) 2021-01-04 2024-04-23 Bank Of America Corporation System for secure access and initiation using a remote terminal

Also Published As

Publication number Publication date
EP1434404B1 (de) 2005-03-16
DE60203312D1 (de) 2005-04-21
EP1434404A1 (de) 2004-06-30
DE60203312T2 (de) 2006-04-27
ATE291321T1 (de) 2005-04-15

Similar Documents

Publication Publication Date Title
US7680878B2 (en) Apparatus, method and computer software products for controlling a home terminal
Saint-Andre Extensible messaging and presence protocol (XMPP): Core
EP1405490B1 (en) Method and system for a service process to provide a service to a client
Kaufman Internet key exchange (IKEv2) protocol
JP5047291B2 (en) Method and system for providing authentication services to Internet users
US7529926B2 (en) Public key certification providing apparatus
Gutmann Plug-and-Play PKI: A PKI Your Mother Can Use
US20070186273A1 (en) Method and system for managing access authorization for a user in a local administrative domain when the user connects to an ip network
EP1434404B1 (en) Method and device for authenticating a user
JP2009503916A (en) Multi-key cryptographically generated address
JP2009110522A (en) Proxy authentication server
US20100306820A1 (en) Control of message to be transmitted from an emitter domain to a recipient domain
WO2012058896A1 (en) Single sign-on method and system
CN101960814A (en) IP address delegation
US11184179B2 (en) Security using self-signed certificate that includes an out-of-band shared secret
Hardaker Transport Layer Security (TLS) Transport Model for the Simple Network Management Protocol (SNMP)
CN101471767B (en) Key distribution method, device and system
KR20060032602A (en) Method for distributing passwords
US20170331793A1 (en) Method and a system for managing user identities for use during communication between two web browsers
JP4073931B2 (en) Terminal, communication device, communication establishment method and authentication method
Schulz et al. d2 Deleting Diaspora: Practical attacks for profile discovery and deletion
Cisco Multiple RSA Key Pair Support
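JP4280536B2 (en) Public key generation apparatus and method, and public key certificate issuing method
JP2009181194A (en) Authentication system, control device used therein, authentication method and authentication program
JP2005333684A (en) Public key generation apparatus and method, and public key certificate issuing method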

Legal Events

Date Code Title Description
AS Assignment

Owner name: ALCATEL, FRANCE

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:BOUCHAT, CHRISTELE;OOGHE, SVEN MAURICE JOSEPH;SIX, ERWIN ALFONS CONSTANT;REEL/FRAME:014800/0014

Effective date: 20031024

STCB Information on status: application discontinuation

Free format text: ABANDONED -- FAILURE TO PAY ISSUE FEE